Greetings, Cisco WebEx Integrators!

A security update originally communicated in mid-2014 (released via email communication to account contacts and posted on DevNet) has recently been made mandatory (see #4 here for contents of the communication: https://support.webex.com/LocalizedUpgrades/WBS29-7/Security_Enforcement_Developer_Notification.pdf). Part of this enhancement is to require that password and partner ID values are sent via a more secure HTTPS POST method. POST method passes variables as part of the HTTPS body, rather than as part of the URL string.

If you’re using HTML, the following HTTPS POST method will log a host in:

<form action=“https://SITENAME.webex.com/SITENAME/p.php” method=“POST”>

<input type=“hidden” name=“AT” value=“LI”>

<input type=“hidden” name=“WID” value=“USERNAME”>

<input type=“hidden” name=“PW” value=“PASSWORD”>

<input type=“submit”>

</form>

To join a meeting:

<form action=“https://SITENAME.webex.com/SITENAME/m.php” method=“POST”>

<input type=“hidden” name=“AT” value=“JM”>

<input type=“hidden” name=“MK” value=“MEETING_NUMBER”>

<input type=“hidden” name=“AN” value=“ATTENDEE_NAME”>

<input type=“hidden” name=“AE” value=“ATTENDEE_EMAIL”>

<input type=“hidden” name=“PW” value=“MEETING_PASSWORD”>

<input type=“submit”>

</form>

As an alternative, if you use the XML API, you can:

1.  For login, call GetloginurlUser (https://developer.cisco.com/site/webex-developer/develop-test/xml-api/xml-api-reference/#getloginurluser) or GetloginTicket (https://developer.cisco.com/site/webex-developer/develop-test/xml-api/xml-api-reference/#getloginticket).

GetLoginTicket

This API will return a <ticket> value which can be used in place of the users password in our URL API login request (TK instead of PW).The ticket value can only be used once, so you will need to call this XML API for each attempt to authenticate via URL API.  This method will allow you to continue to use HTTP GET as there is no password included in the request.

Usage (note PW is not included, as TK replaces PW):

https://SITENAME.webex.com/SITENAME/p.php?AT=LI&WID=HOST_USERNAME&TK=4cefaf3f1e12ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793

Request:

<?xml version="1.0" encoding="UTF-8"?>

<serv:messagexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <header>

        <securityContext>

            <webExID>HOST_USERNAME</webExID>

            <password>PASSWORD</password>

            <siteName>SITENAME</siteName>

        </securityContext>

    </header>

    <body>

        <bodyContent xsi:type="java:com.webex.service.binding.user.GetLoginTicket"></bodyContent>

    </body>

</serv:message>

Response:

<serv:message>

    <serv:header>

        <serv:response>

            <serv:result>SUCCESS</serv:result>

            <serv:gsbStatus>PRIMARY</serv:gsbStatus>

        </serv:response>

    </serv:header>

    <serv:body>

        <serv:bodyContentxsi:type="use:getLoginTicketResponse">

            <use:ticket>4cefaf3f1e12ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793</use:ticket>

            <use:apiVersion>WebEx XML API V9.0.0</use:apiVersion>

        </serv:bodyContent>

    </serv:body>

</serv:message>

GetloginurlUser

This API is very similar to GetLoginTicket, accept that it will generate the complete Login URL including the single use authentication ticket.   It will end with the BackURL URL API argument (BU=) so that you can redirect to a specific page after authenticating, or append additional subsequence URL API requests.

Example of returned value :

https://SITENAME.webex.com/SITENAME/p.php?AT=LI&FN=FIRSTNAME&LN=LASTNAME&EM=hostEmail@example.com&WID=HOST_USERNAME&TK=123454321012ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793&MU=GoBack&BU=ex.com/SITENAME/p.php?AT=LI&FN=FIRSTNAME&LN=LASTNAME&EM=hostEmail@example.com&WID=HOST_USERNAME&TK=123454321012ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793&MU=GoBack&BU=

Request:

<?xml version="1.0" encoding="UTF-8"?>

<serv:message xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <header>

        <securityContext>

            <webExID>HOST_USERNAME</webExID>

            <password>PASSWORD</password>

            <siteName>SITENAME</siteName>

        </securityContext>

    </header>

    <body>

        <bodyContent xsi:type="java:com.webex.service.binding.user.GetloginurlUser">

            <webExID>HOST_USERNAME</webExID>

        </bodyContent>

    </body>

</serv:message>

Response:

<serv:message>

    <serv:header>

        <serv:response>

            <serv:result>SUCCESS</serv:result>

            <serv:gsbStatus>PRIMARY</serv:gsbStatus>

        </serv:response>

    </serv:header>

    <serv:body>

        <serv:bodyContent xsi:type="use:getloginurlUserResponse">

            <use:userLoginURL>https://SITENAME.webex.com/SITENAME/p.php?AT=LI&FN=FIRSTNAME&LN=LASTNAME&EM=hostEmail@example.com&WID=HOST_USERNAME&TK=123454321012ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793&MU=GoBack&BU=ex.com/SITENAME/p.php?AT=LI&FN=FIRSTNAME&LN=LASTNAME&EM=hostEmail@example.com&WID=HOST_USERNAME&TK=123454321012ece3f0bc26354f0481aae8835c196528c480bb485e5ac0d4d793&MU=GoBack&BU=</use:userLoginURL>

        </serv:bodyContent>

    </serv:body>

</serv:message>

2.  For joining and starting meetings, GethosturlMeeting (https://developer.cisco.com/site/webex-developer/develop-test/xml-api/xml-api-reference/#gethosturlmeeting) and GetjoinurlMeeting (https://developer.cisco.com/site/webex-developer/develop-test/xml-api/xml-api-reference/#getjoinurlmeeting) will return a meeting’s respective attendee and host join URLs.

GethosturlMeeting

This API is similar to GetloginurlUser, but goes one step further by automatically appending the Host Meeting URL API to the end of the Login URL.  The returned URL is still using a single-use authentication ticket in place of the password, so you will need to use this XML API request any time the user is attempting to start a meeting (even if its the same session being started again).

Example of returned value :

https://SITENAME.webex.com/SITENAME/p.php?AT=LI&WID=HOST_USERNAME&TK=4c3jd4dsak23noi23nvo4vemow4n2uincwe2433tnv345oyunmalm44oufdy224m&MU=https%3A%2F%2Fsitename.webex.com%2Fsitename%2Fm.php%3FAT%3DHM%26MK%3D111222333%26Rnd%3D0.35268691362794014

Request:

<?xml version="1.0" encoding="UTF-8"?>

<serv:messagexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <header>

        <securityContext>

            <webExID>HOST_USERNAME</webExID>

            <password>PASSWORD</password>

            <siteName>SITENAME</siteName>

        </securityContext>

    </header>

    <body>

        <bodyContent xsi:type="java:com.webex.service.binding.meeting.GethosturlMeeting">

            <sessionKey>SESSION_NUMBER_OR_MEETING_NUMBER</sessionKey>

        </bodyContent>

    </body>

</serv:message>

Response:

<serv:message>

    <serv:header>

        <serv:response>

            <serv:result>SUCCESS</serv:result>

            <serv:gsbStatus>PRIMARY</serv:gsbStatus>

        </serv:response>

    </serv:header>

    <serv:body>

        <serv:bodyContentxsi:type="meet:gethosturlMeetingResponse">

            <meet:hostMeetingURL>https://SITENAME.webex.com/SITENAME/p.php?AT=LI&WID=USERNAME&TK=4c3jd4dsak23noi23nvo4vemow4n2uincwe2433tnv345oyunmalm44oufdy224m&MU=https%3A%2F%2Fapidemoeu.webex.com%2Fapidemoeu%2Fm.php%3FAT%3DHM%26MK%3D111222333%26Rnd%3D0.35268691362794014</meet:hostMeetingURL>

        </serv:bodyContent>

    </serv:body>

</serv:message>

GetjoinurlMeeting

This API request will return a WebEx generated Join Meeting URL API (joinMeetingURL).  The response may also include an (inviteMeetingURL) which can be used by mobile or PC users to join the meeting.   While joinMeetingURL url value will put the attendee directly into the meeting, the inviteMeetingURL value will bring the user to the WebEx site or mobile client and require them to manually enter their information and click the join button.  The URL’s returned by this XML API are not single use, and can be used multiple times but are still specific to the individual participant so you will need to request this URL for each participant separately.

Request:

<?xml version="1.0" encoding="UTF-8"?>

<serv:messagexmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <header>

        <securityContext>

            <webExID>HOST_USERNAME</webExID>

            <password>PASSWORD</password>

            <siteName>SITENAME</siteName>

        </securityContext>

    </header>

    <body>

        <bodyContent xsi:type="java:com.webex.service.binding.meeting.GetjoinurlMeeting">

            <sessionKey>SESSION_NUMBER_OR_MEETING_NUMBER</sessionKey>

            <attendeeName>PARTICIPANT NAME</attendeeName>

            <attendeeEmail>participant@example.com</attendeeEmail>

            <meetingPW>MEETING_PASSWORD</meetingPW>

        </bodyContent>

    </body>

</serv:message>

Response:

<serv:message>

    <serv:header>

        <serv:response>

            <serv:result>SUCCESS</serv:result>

            <serv:gsbStatus>PRIMARY</serv:gsbStatus>

        </serv:response>

    </serv:header>

    <serv:body>

        <serv:bodyContentxsi:type="meet:getjoinurlMeetingResponse">

            <meet:joinMeetingURL>https://SITENAME.webex.com/SITENAME/m.php?MTID=12345432107b83698a01388003caa9374</meet:joinMeetingURL>

            <meet:inviteMeetingURL>https://SITENAME.webex.com/SITENAME/j.php?ED=444555666&UID=0&RT=MxMxMQ%3D%3D</meet:inviteMeetingURL>

        </serv:bodyContent>

    </serv:body>

</serv:message>

Feel free to discuss on the forums!

Kasey

Cisco WebEx API Developer Support